Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability

In reply to: Alexey Dokuchaev : "Re: git: a3dec5316c3e - main - security/vuxml: Document cURL vulnerability"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alexey Dokuchaev <danfe_at_freebsd.org>
Date: Mon, 18 Sep 2023 03:06:28 UTC

On Sun, Sep 17, 2023 at 06:33:50PM +0000, Alexey Dokuchaev wrote:
> On Sun, Sep 17, 2023 at 02:23:22PM -0400, Jason E. Hale wrote:
> > > commit a3dec5316c3e45a676eef22de283ad57ea6a3111
> > >
> > >   security/vuxml: Document cURL vulnerability
> > >
> > >   PR:             273764
> > >   Reported by:    yasu
> > > [...]
> > > +   <vuln vid="b5508c08-547a-11ee-85eb-84a93843eb75">
> > > +     <topic>Roundcube -- XSS vulnerability</topic>
> > > +     <affects>
> > > +--
> > > +2.42.0
> > > +
> > 
> > You probably didn't mean to add this file. Could you remove it please?
> 
> Could it be the reason why any "make" command in any port now complains
> that it has known vulnerabilities?

Never mind, committed attachment file is bogus, but apparently harmless.
It's just my /var/db/pkg/vuln.xml somehow got corrupted, `pkg audit -F'
had fixed the problem.

./danfe